https://live.paloaltonetworks.com/t5/general-topics/firewall-using-wrong-ldap-attribute-to-find-user-in-active/m-p/279673#M75747 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/24977">@Carracido</a>&nbsp;</P><P>&nbsp;</P><P>Is your LDAP server profile configured correctly? Do you use the LDAP profile also for User-ID group mapping settings and if yes, does it work there correctly? Did you set the type to active-directory?</P> Sun, 28 Jul 2019 08:54:26 GMT Remo 2019-07-28T08:54:26Z https://live.paloaltonetworks.com/t5/general-topics/firewall-using-wrong-ldap-attribute-to-find-user-in-active/m-p/276404#M75356 <P>Hello Community,</P><P>&nbsp;</P><P>I´d like to check with you the following issue:</P><P>created a LDAP authentication profile which is not working, when using the "test.... " command I get an authentication failed with "<SPAN>Received empty DN for user User12345"</SPAN></P><P>&nbsp;</P><P><SPAN>I made a traffic capture and saw that the&nbsp;firewall is using the wrong attribute to find the user on the active directory. The firewall is using the&nbsp;"uid" attribute to authenticate the user but&nbsp;</SPAN><SPAN>PAN firewalls can use only the following login attributes for LDAP authentication:<BR /><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClogCAC" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClogCAC</A></SPAN></P><P>&nbsp;</P><P><SPAN>If I have the "sAMAccountName" login attribute in my authentication profile, why is the firewall even trying to search the active directory with "uid" attribute? Any idea?</SPAN></P><P>&nbsp;</P><P><SPAN>Thank you,</SPAN></P><P><SPAN>Carracido.&nbsp;</SPAN></P><P>&nbsp;</P><P>&nbsp;</P> Fri, 12 Jul 2019 20:43:54 GMT https://live.paloaltonetworks.com/t5/general-topics/firewall-using-wrong-ldap-attribute-to-find-user-in-active/m-p/276404#M75356 Carracido 2019-07-12T20:43:54Z https://live.paloaltonetworks.com/t5/general-topics/firewall-using-wrong-ldap-attribute-to-find-user-in-active/m-p/279673#M75747 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/24977">@Carracido</a>&nbsp;</P><P>&nbsp;</P><P>Is your LDAP server profile configured correctly? Do you use the LDAP profile also for User-ID group mapping settings and if yes, does it work there correctly? Did you set the type to active-directory?</P> Sun, 28 Jul 2019 08:54:26 GMT https://live.paloaltonetworks.com/t5/general-topics/firewall-using-wrong-ldap-attribute-to-find-user-in-active/m-p/279673#M75747 Remo 2019-07-28T08:54:26Z